US Senate Votes to let ISPs Sell Your Private Data

Douglas Crawford

March 24, 2017

Forget the NSA. The US Senate has just landed what is arguably the most serious body-blow to the privacy of ordinary American citizens in the history of the country. It has, in effect, just voted to allow Internet Service Providers (ISPs) to sell or share customers’ detailed web browsing histories and geolocation data with advertisers and partner companies.

An outraged Senator Ed Markey (D-Mass.) said after the vote that the acronym “ISP” now stands for “information sold for profit,” and “invading subscriber privacy,” rather than “Internet service providers.”

So what is going on?

Facebook and Google make huge sums of money from plundering your personal data and selling it advertisers. This is because the more intimately a company knows you – what you like, what your politics are, where you shop (and what for), what you like to do fun, who you like to hang out with, and suchlike – the more effectively it can target advertising at you.

US internet service providers have always been green with envy about this, all the more so because they have access to reams of highly personal information that would make Facebook and Google, themselves, green with envy.

But they have so far been held back from fully exploiting this insanely lucrative treasure trove of data by Federal Communications Commission (FCC) regulations. Critically, in October 2016 the (then Democrat-led) FCC approved new privacy rules. These did not prevent ISPs from monetizing the data they collect, but do require opt-in consent for this from their customers. The new rules were due to come into force December 2017.

Such a requirement would inevitably seriously impact ISP’s bottom line, so just as inevitably, they were furious at the decision. This has led to an intense lobbying campaign by ISPs and their Republican allies to block implementation of the new regulations. They have now succeeded.

As Gaurav Laroia, policy counsel for Free Press Action Fund, said in response to the vote,

“Senate Republicans just struck a massive blow against everyone who uses the internet, dismantling rules protecting people’s private information from unauthorized use and abuse by cable and phone companies.”

This is a view echoed by Dallas Harris, in a statement on behalf of digital rights group Public Knowledge,

“This vote is a clear sign that American interests come second to those of broadband providers. Without the FCC’s broadband privacy rules, Americans go from being internet users to marketing data—from people to the product.”

The Congressional Review Act

The legal tool used to reverse the FCC’s rules is itself highly controversial. The rarely used Congressional Review Act (CRA) is an expedited legislative process that cannot be filibustered. This means that under a Republican-majority Senate, there was nothing Democrats could do to prevent the move. And, indeed, the 50-48 Senate vote went entirely along party lines.

The problem, however, does not stop there. According to the DRA, the FCC cannot adopt “substantially similar” rules in the future. This effectively prohibits any further attempt to protect internet users’ privacy.

As moral justification for their actions, ISPs and their republican backers claim that the FCC rules stifle innovation. And, because different rules apply to internet companies such as Facebook and Google, that they are unfair to ISPs and confuse customers. As chief campaigner for scrapping the existing rules, Senator Jeff Flake (R-Ariz), said after the vote,

“Passing my resolution is the first step toward restoring a consumer-friendly approach to internet privacy regulation that empowers consumers to make informed choices on if and how their data can be shared.”

To which Laroia responded,

“At their core these [FCC] rules simply would give people the right to decide for themselves whether to allow their ISPs to share or sell their personal information, including their web-browsing histories. Senator Jeff Flake and his colleagues have the audacity to claim it was necessary to overturn the rules to protect people’s online privacy. That’s false. Their comments are rhetoric dressed up to cloak their real intentions: letting internet service providers profit off your private information.”

So what hope for privacy?

As noted, use of the Congressional Review Act ties the FCCs hands, preventing it from introducing any new privacy protections for internet users. The House of Representatives now needs to ratify the decision. But the House is also controlled by Republicans, so this is pretty much a given.

All the more so thanks to the “mountains” of campaign cash that Marsha Blackburn, Tennessee Republican chair for the House telecom subcommittee, has received from ISPs.

As president, Donald Trump has the power to veto the Senate’s decision, but Trump has always supported big businesses in their drive for minimal regulation. So fat chance.

Conclusion – Start using a VPN. Now!

US internet consumers have therefore been thoroughly shafted. Your ISPs will be able to track everything you do on the internet and sell that data for profit. Mobile ISPs can also map out your every day-to-day movements using geolocation data, and sell that information too.

Using a VPN will at least hide what you get up to on the internet from your ISP. It will encrypt all your internet data, and hide which websites you visit from your ISP (which can only see that you are connected to a VPN server).

To be quite honest, if you are a US internet user who cares even slightly about privacy, you would now be insane if you did not protect your privacy from your rapacious ISP using a good VPN.